|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200406-11] Horde-IMP: Input validation vulnerability Vulnerability Scan
Vulnerability Scan Summary Horde-IMP: Input validation vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200406-11
(Horde-IMP: Input validation vulnerability)
Horde-IMP fails to properly sanitize email messages that contain malicious
HTML or script code.
Impact
By enticing a user to read a specially crafted e-mail, a possible hacker can
execute arbitrary scripts running in the context of the victim's browser.
This could lead to a compromise of the user's webmail account, cookie
theft, etc.
Workaround
There is no known workaround at this time.
References:
http://www.securityfocus.com/bid/10501
Solution:
All Horde-IMP users should upgrade to the latest stable version:
# emerge sync
# emerge -pv ">=horde-imp-3.2.4"
# emerge ">=horde-imp-3.2.4"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|